#espionage
11 stories tagged espionage.

Mustang Panda Turns Zoho WorkDrive Into C2 in Twin Campaigns Against Indian Government
The China-aligned crew is running parallel operations against New Delhi ministries and hydropower operators, abusing a legitimate cloud collaboration service to move commands past network defenses.

China-Nexus Crew Burrowed Into REDCap, Turned Google Workspace Rules Into an Exfil Pipe
A 13-plus-month intrusion across medical, academic, and defense research networks abused victim-side mail forwarding instead of dropping noisy C2.

Threat Actor 'Misere' Claims Breach of French Government Messaging Platform Tchap
Around 73,000 sovereign-platform accounts may be compromised. Attribution remains unclear, and the actor is not yet tied to a known cluster.

OP-512 Cluster Hits IIS Servers With Custom Web Shell Kit, Researchers Link Activity to China
A previously unreported intrusion set is dropping a bespoke web shell framework on Microsoft IIS servers, with espionage indicators pointing toward Beijing.

Five Eyes Warns: Chinese Intelligence Officers Posing as Recruiters to Harvest Government Secrets
A joint advisory flags a persistent social engineering campaign targeting personnel with access to classified material — fake job offers, real espionage.

Five-Month Outlook Intrusion at Global Stock Exchange Exfiltrated via Dropbox, OneDrive
Threat hunters say the executive's mailbox was siphoned in small batches over consumer cloud channels — a pattern consistent with state-aligned espionage rather than financially motivated crime.

Operation Dragon Weave Drops AdaptixC2 on Czech, Taiwanese Targets
Spear-phishing campaign hits government, academia, and finance with ZIP-borne lures and an open-source C2 framework.

Russia's Tech Embargo Run-Around: Shell Companies, Middlemen, and Embedded Spies
Western sanctions were supposed to starve Moscow's military-industrial base of critical components. Instead, Russian intelligence built a procurement machine to go get them anyway.

MuddyWater Targets Global Organizations with DLL Side-Loading
Iranian group MuddyWater exploits DLL side-loading in espionage affecting nine nations.

Showboat: A Modular Linux Backdoor Quietly Camped in a Middle East Telco Since 2022
Lumen's Black Lotus Labs ties the SOCKS5-capable implant to a years-long intrusion at a regional carrier, with an in-memory loader and ELF payloads that sidestep most host telemetry.

Lithuania Probes Foreign Hand in Leak of 600,000-Plus National Register Records
Lithuanian authorities suspect state-linked actors after a data breach exposed more than 600,000 entries from government population and registration databases.